Posted
by
timothy
on Wednesday May 28, 2008 @04:47PM
from the kip-hawley-please-to-the-white-courtesy-phone dept.

swillden writes "Everyone who pays any attention at all to security, both computer security and 'meatspace' security, has heard the phrase Security Theater. For years I've paid close attention to security setups that I come in contact with, and tried to evaluate their real effectiveness vs their theatrical aspects. In the process I've found many examples of pure theater, but even more cases where the security was really a cover for another motive." swillden would like to know what you've encountered along these lines; read on for the rest of his question below.

swillden continues: "Recently, a neighbor uncovered a good example. He and his wife attended a local semi-pro baseball game where security guards were checking all bags for weapons. Since his wife carries a small pistol in her purse, they were concerned that there would be a problem. They decided to try anyway, and see if her concealed weapon permit satisfied the policy. The guard looked at her gun, said nothing and passed them in, then stopped the man behind them because he had beer and snacks in his bag. Park rules prohibit outside food. It's clear what the 'security' check was really about: improving park food vending revenues.

So, what examples of pure security theater have you noticed? Even more interesting, what examples of security-as-excuse have you seen?"

I just got back from TRAFFIC court.... I had to go through security very similar to the airport so I could walk up to a window which was 15 feet from the front door. I walked through the front door, five feet later I was being scanned, searched and forced to return to my car because my 1 inch pocket knife was a threat, then when I got past that crap I had to stand in line and wait to talk to someone behind a window. I saw no rational reason for any of this...

Security systems that will let you in with nothing more than a fingerprint scan.
Gee, what's more difficult: guessing the correct password within 3 attampts, or lifting a fingerprint and making a gelatin mold?
(hint: see Mythbusters to see how difficult it isn't to create a gelatin mold)

The most recent example of this was when the German Chaos Computer Club published the fingerprints of Wolfgang Schäuble, Germany's Innenminister (sort of like the UK home secretary or the USA's DHS head). They even distributed it as a film with their magazine, since there is no law against publishing fingerprints.

I went through Gatwick in February, and there's big signs and bins to get people to leave any liquids and bottles. I proceeded to down a 500ml bottle or sprite, leading to only a few very load belches, and oh-so accidentally spilt the contents of the other bottle on the floor and down the bin so I could keep the empty bottle (that didn't look against the rules).

Once we were though the scanners and shit, we had the wait by the duty free.... where they sell bottles of water and fizzy drinks along with the rest of the crap they pedal.

It was obvious that BAA (the major airport operator in the UK) are using security as an excuse to increase profits. Take people's drinks away under some jumped-up pretext, and then have the punters pay for drinks from BAA controlled shops. I had spotted the scheme when I heard about the liquid ban, so thats why I made a mess and kept a plastic bottle: they waste money paying someone to clean it up, and I have a bottle I can fill with tap water rather than have my wallet taken advantage of.

On the way home from Bulgaria, my friend had his bag searched.... they didn't like the bottle of aftershave in the bag that he'd bought on the way out. Nor did they like his 2 litre water bottle. But they checked the volumes, and the flamable aftershave was allowed but the water wasn't!!

And that's the worst thing I think about the fucking joke security in airports: they sell bottles of nearly pure ethanol just before you can get on a plane, but take away bottles of water, toothpaste, creams....

Hell, if a crackpot wanted to take down an aircraft they could start some very nasty fires in a plane with aftershaves and perfumes or bottles of very strong booze they bought in duty-free.

Oh yeah, if bottles of water, scissors, aerosols etc. are so dangerous, then why in airports do they insist on showing us big bins of what has been confiscated? The contents of some of those bins would burn rather dangerously, and I'm surprised I haven't heard of a case of someone dropping a burning book of matches into one of them.

The guard looked at her gun, said nothing and passed them in, then stopped the man behind them because he had beer and snacks in his bag. Park rules prohibit outside food. It's clear what the 'security' check was really about: improving park food vending revenues.

Heh heh, the fools. The gun's cartridge was loaded with small pretzels and Tootsie Rolls.

Those would be some very small pretzels if they fit into the cartridge(s) [wikipedia.org]. Filling the magazine [wikipedia.org] would offer more room, and would probably be sufficient enough to conceal it from the security personnel.;-)

This isn't digg or reddit - behave yourself.Some guidelines:1. Never describe anything as "epic", especially if followed by the word win or loss.2. Use decent grammar, punctuation, and spelling.3. Conceal all enthusiasm under a smug nerdiness.

Actually+, I think all sentences should be punctuated so as to indicate tone` We could reform the world^/Everyone knows how beautiful% perl scripts are---why hasn't this spread to the rest of printed# text? It could@ do &wonders for ==human.computer interaction!_ ))Just think: with{everything so clear,$we,could,see+world+`peace]`within&&our$lifetime! \|Misundersta%%ndings %{in*^written)()communi+[cation,"would@become^things&of the past@@

If they have the gun and you don't have one, all the more reason to just be cool about the situation. If you find someone with a gun in America and they are white middle-class, then there's a good chance that you could lose your job by hassling them about it. If you find someone with a gun in America and they are not white middle-class, then there's a good chance that you could lose your life by hassling them about it.

Excuse me, but I live in America, too, and here, if someone is caught with a gun, he goes straight to the jail, and he won't get out for a darn good while.

2% of us citizens have permits for concealed carry. Thats about 6 million. Not everyone with a gun goes to jail. I havent for the last 14 years.....

Yeah, but the US has higher rates of death by people killed by knives than most other countries. We have higher rates of assault (often with cars) than other countries. We are unfortunately, a pretty violent country, with or without guns.

If you look at the situation holistically, it's not clear that guns are a primary cause of the violence. Gun ownership rates are highest in the rural areas, while gun violence rates are highest in the urban areas. This book [amazon.com], has some very interesting, and fairly rigorous statistical analysis.

Many students of the situation note that the gun violence didn't rise in the US, until the war on drugs ramped up. A large amount of gun violence is directly related to drug commerce.

No trolling intended, but the war in Iraq now is the biggest piece of security theater on the planet. It does not make the US safer ( indeed it probably does the reverse ) but it does give certain people benefits. Chaney and friends make millions on no-bid contracts, and neocons get to implement policies that in more normal conditions would not be tolerated by the public.

Yeah, but see, you don't know that (the only ones who have proposed that are the experts over at CNN).

During my time spent in the middle east (all of which took place before 9/11) I saw... drumroll please... people who wanted to kill Americans. WHAT? DURING CLINTON?? Yes. We are not the 'cause' of these insurgents, and no matter how much you hate Bush for whatever you think it is he has done, or how much you want to blame him for the problems he inherited (from, IMO, the dem president that preceded him), he didn't make them either.

The very boring and undramatic truth of the matter is, there are always people who will capitalize on the loss or misgivings of a group of people, and people of the Middle East happen to be the latest target. Arafat did it with the PLO (which has NOTHING to do with liberating Palestinians, and has everything with creating a power base), and the same thing is happening now around Iraq.

So about "the sure thing is, there weren't insurgents": this rhetoric may work on your bleeding heart girlfriend, and probably works on many here on Slashdot, but don't try flinging that nonsense around vets, govt employees, or anyone else who has actually tried to DO something about these issues. It may sell books or commercial time on news channels, but it doesn't make any sense.

Had a friend that grew up in Ireland. He once mentioned, not long after the war started against Iraq, that in the 80's, a couple Brittish soldiers were at a security checkpoint in northern Ireland They shot up a car, that had a family in it. He mentioned that that one incident, in that one town, caused a huge number of people to join the IRA, and fight against Brittan. It took a good 10 years for things to calm back down.

Here were people that hated a country, and wanted it to die and suffer, but they just said that all the time. One wrong action, and those people actually started taking up arms, bombings, etc. There is a big difference between wanting American's killed, and actually trying to kill Americans. He wondered how many people we moved from Haters to Terrorists in Iraq.

Think about it for a minute. You may hate a person you don't like, and wish that they were dead. How much would it take to push you to the point that you actually murder them?

There were, in fact, people in the Middle East who really dislike America. Heck, 9/11 wouldn't have happened if that weren't the case.

However, you have to understand that this is at least in part due to American action. Our most egregious action was probably propping up the Shah in Iran. America has a history of using both deceit and pure muscle to get its way in the Middle East, and that has created a lot of enemies. Enemies that were there prior to Iraq.

Our invasion in Iraq certainly didn't help things. It flared up old angers that had, in some areas, begun to die out. It brought our men within striking range. It shouldn't be any kind of surprise that this situation creates insurgents. Our invasion of Iraq strengthens the political position of our enemies; their claims about America seem to be confirmed, and it helps stokes the fears that cause people to flock to such causes.

You have to look at this historically. People in the ME don't hate the US because of our freedom. They hate the US because of how we've treated them in the past.

(It is, of course, more complicated than that, but this is a Slashdot comment.)

Imagine being born after 1953 or just being a kid and witnessing and find an occupying force desecrating a belief system your parents brought you up to uphold.I'd imagine that after 20 something years, I'd be pissed enough to take hostages too.

Many people don't want to or can't see the bigger picture.

Look at the small town hate that comes from a Wal*Mart installation.I'm not saying that Wal*Mart = China (but in a way it is) but imagine Wal*Mart being a Chinese military installation with Chinese soldiers in all it's installations.Would you not be upset as an American?

Thank you. There seem to be so many people who have bought the propaganda to the point that they no longer understand what some words mean, or perhaps they never knew so the definitions have been defined by propaganda.

Insurgents [reference.com] rebel against legal authority, they are individuals within a group that rebel against the group. People from one country who attack another are generally invaders, aggressors or terrorists depending on the scale, government involvement and nature of the attacks.

The US has not experienced an insurgency in Iraq. The Iraqi government has, but that government is of dubious standing in Iraq given that it has been installed by an illegal invader. Hypothetically reverse the conflict and ask yourself if someone invaded the US and installed the government they wanted, would you fight against it or simply accept it? If you would answer the former, you could well be labelled a "terrorist insurgent", or "resistance fighter" depending on the political standpoint of the labeler.

Not many monitors or practitioners of international law consider the invasion of Iraq legal, close to zero. There was no UN mandate to support it, there were mandates supporting the use of force but they were irrelevant to the situation at the time. The only people who argue that it was legal are American neo-cons, hardly known for their understanding or respect of international law, their cronies and idiots who buy the propaganda.

Please re-read the dictionary because while the definition of terrorist has changed recently, the definition of insurgent has not yet been corrupted in the good book.

You have just proved his point. Before we went over there and started killing them they were sitting around saying we hate americans. How many americans had they killed? A big fat zero. How many have they killed since we showed up and stuck our nose where it doesn't belong? About 6K last I checked.

That is the thing, it doesn't matter if the PLO is Arafat's power base, he isn't a US citizen so the US gov should stay out of his business. If we stop giving them a reason to hate us( such as randomly showing up with guns and shooting at them with out provocation, as we are doing now) then that power base will fall apart. He can't goad people forever with the old evil american line if the evil americans never manifest themselves.

There are no universally accepted definitions of insurgency. The common concept, in a wide range of definitions, is that it involves a desire for political power, achieved through means illegal under the rules of the existing government. It has long been used in the professional military and political literature.

So, using that accepted common concept, there are only insurgents if they are rebelling VS the government. So of course when the government is corrupt those that are corrupt aren't the insurgents. Hussein was a bad man, Hitler was a bad man, the funny thing is though, the same people who lament that our government didn't do anything about Hitler until it involved the US (who killed his own people and invaded other countries) are the same people who think that we shouldn't go after Hussein (who killed his own people and invaded other countries).

Hussein was a bad man, Hitler was a bad man, the funny thing is though, the same people who lament that our government didn't do anything about Hitler until it involved the US (who killed his own people and invaded other countries) are the same people who think that we shouldn't go after Hussein (who killed his own people and invaded other countries).

I'm one of those people, could you please explain what's funny about this? Logically speaking, this would only be consistent if the two men were equivalent threats and equally evil, and the response to each was the same.

Hitler was in charge of a major European power. By the time he started taking over other countries, he had amassed a fairly powerful, modern army, which was able to rival the best his opponents could muster.

Hussein was in charge of a crappy piece of desert in a place where all the good weapons are imported from other countries. Even at the height of its power in 1991, the Iraqi Army was powerless to even slow down the US Army and its friends. The kill ratio was something like a thousand to one. After the army was essentially destroyed in 1991, the sanctions imposed on the country never let it recover. The Iraqi Army in 2003 was but a shadow of its former self, and the US Army smashed it flat in about three weeks.

The best time to have stopped Hitler was Czechoslovakia. He took over that country, not by force of arms, but by diplomacy. The Allied powers were so afraid of war that they just let him have it. Czechoslovakia had a good, modern army and had excellent defenses prepared against Germany, but their political will to resist collapsed after France and the UK abandoned them and basically threw them to the wolves. If they had simply not abandoned Czechoslovakia, much would have turned out differently.

The best time to stop Hussein was... well, by the time we invaded, he was not a credible threat against any of his neighbors, and the invasion didn't stop him from taking any of them over because he wasn't going to anyway.

Hussein was no threat. It was known that he was no threat before the invasion. He may well have been as evil as Hitler, but he was never going to command anything remotely close to the military power possessed by Nazi Germany.

Given the above, I see absolutely no inconsistency in a position which holds that Hitler should have been stopped much earlier and Iraq should have been left alone.

I don't see wave after wave of people trying to storm our beaches, rape our infidel women or blow up idolatrous symbols of capitalistic greed over here.

The only reason "they" are relevant any more is that "they" are today's Commie Pinko Red Bastards."They" are a useful scare tactic, and that's it. I might care once they start killing more people over here than amount that die to three wheeled volkswagen eurkel-mobile collisions.

That's the strawman most often put forth to quell the discussion. Another one is the "fighting to protect your freedoms". Pretty lame, but the bar is pretty low on how to get people behind this kind of activity. I don't recall any Iraqi insurgents ever creating any kind of trouble in any of the 50 states, so I'm curious about your rationale for the statement. Are you just parroting something you heard, or can you further explain your sentiment?

For the longest time, I was on the "do not fly" list. I never knew why, but my name is very common. Turns out somebody used an alias the same as my name in the Bahamas to commit international wire fraud - I found this out when it took 6 hours to open a $100 bank account. It wasn't identity theft - just coincidence.

So here I am, not only taking my shoes off, but also being escorted to the back room for the "enhanced" security check every time I fly on an airliner. The only problem is that I'm an FAA-licensed pilot, and have all the clearance to enter just about any area of the airport! (once I get past the extended searchdown, that is)

This seems to be closer to the truth. I might say: "Religion has been used as an excuse for waging war with the rest of the world since it was invented." Religion is nothing more than man's interpretation of spirituality. As such, it's a great justifier of self will.

Islam was a young religion when Christians first attacked the Middle East. How are you not supposed to harbor a grudge, or at the very least distrust, with that kind of introduction, especially when (usually wrongly) self-identified Christians indiscriminately hold a gun to Muslims' heads while their hated cousins steal their land, the "Christians" steal their natural resources, and both of the robbers tell themselves fairy tales to rationalize it?

Hmmm... I feel safer killing insurgents in their backyard rather than killing them here, but I am probably strange that way.

Yes, you are strange that way.

You prefer, it seems, to create a huge number of insurgents, just for the purpose of fighting them?

Here's a little knowledge bomb I'm going to drop your way... They weren't there until you invaded. At least they weren't insurgents then.

"Fight them over there so we don't have to at home" is such an odious and incredibly false catch phrase. Really it disappoints me that so many Americans swallow it. How about, don't fight them over there or at home?

Hitler was quite openly intent upon conquering most of three continents, and was part of a functional alliance that was directly attacking the US. He was at the head of an enormously powerful and aggressive military force, and represented a huge threat to both the world in general and the United States in particular.

Hussein, on the other hand, only engaged in war with two other countries: Iran, with the US's urging and support, and Kuwait, with the US's permission. He was quite happy with his role as the US's pawn, and enjoyed only mutual opposition with the one group that had attacked America. He ruled a nation that had been so devastated by a decade of bombings and sanctions that it was mostly ineffectual even within its own borders, much less outside them. He could not have been less of a threat.

Hussein and Hitler did about the same things, both invaded other countries, both killed their own citizens, etc.

Saddam Hussein had American support when he killed his own people and invaded Iran, because America's policy was to maintain the balance of power between Iraq and Iran. He retained American support until he invaded Kuwait, which would have upset the balance of power. All that stuff about Iraqi troops unplugging Kuwaiti baby incubators was just propaganda - it might have been true or it might not, but it certainly wasn't the cause of the Gulf War.

America has been quite happy to support dictatorships (Iraq and Chile in the 1980s; Saudi Arabia, Uzbekistan, Egypt and many others in the present), to overthrow democratic governments (Iran in 1953, Guatemala in 1954, Chile in 1973, Nicaragua in the 1980s), to look the other way when its allies invaded other countries (Israel in 1967, Indonesia in 1975, Iraq in 1980), and even to invade other countries itself (Cuba in 1961, Cambodia in 1970, Grenada in 1983, Panama in 1989, Haiti in 1994, Afghanistan in 2001, Iraq in 2003). To pretend that American foreign policy is based on how well other governments treat their neighbours and citizens is naive at best and dishonest at worst.

My bad, It should have read Hitler never came and bombed us directly like Osama

Wait, wait. Now you've introduced a new character? Just how many players are in this little theatre production of yours?:)

While I agree that Hussein was a tyrant that was best deposed (the exact details being full of devils), I'm also inclined to keep it straight with who did exactly what and not confusing any of the players. Osama had nothing to do with all this.

Iraq had a tyrant and was allied with Osama and other terrorist groups (similar to Hitler and Nazi Germany which I am comparing it to)

Sorry, you're sadly misinformed. Saddam was not an ally of al Qaeda. He was a nominal Muslim, but his policies were anathema to he fundamentalists. (He let women work and attend university, for instance.) Saddam was on al Qaeda's hit list, and he knew it. They wanted to get rid of corrupt, loose-living secularists like Saddam and install a theocracy, like the Taliban, in every Muslim country. Saddam was an evil dictator, but never, to my knowledge, took any action against the US outside the Middle East.

I'll make an exception to my long standing policy of not responding to ACs:

The reason that America hasn't been subsequently attacked had nothing to do with punishing the silly, stupid Taleban in Afghanistan, or fomenting a war in Iraq. The perps were a group calling themselves Al Qaeda, and they haven't been touched. They were weak, tiny, and extremely clever; they got past security in NE airports, then were successful in three crashes, while the fourth dive bombed in Pennsylvania. This was not a million man army with nukes, just some very clever people. They subsequently disrupted transportation in Spain, where people were murdered, and also in the UK, where others were murdered.

No subsequent acts have occurred for any number of reasons, almost none of which have to do with the wars, as the wars were about pride and oil. This has nothing to do with US Dept of Homeland Security, which is an oxymoron.

Fight the bastards when they try to impinge on your privacy and your liberty. Question authority. Do so politely. Then let the judges kick them in the tender parts. That's their job. Do it again, repeat until you're free, because today, you're not.

While creating an intranet for the company I was doing some outside work for I ran into a problem authenticating through their antiquated AD system. Rather than updating everything or heaven forbid give management an actual password to remember my instructions were to "make it as scary as possible but don't actually put a password on it." I had a four tiered authentication system which would allow you to move forward regardless of what was put in the text boxes. They loved it, and a little piece of me died when I cashed the check.

Why the hell would you have a button that actually says "OK" on it? That's poor design, because you should know that people always click OK. A better design would be to have buttons that say "Delete" and "Cancel", with the Cancel button selected by default. Typing the phrase was a good alternate solution to eventually arrive at, though.

1) Find out what they want. (They will ask for bells and whistles and not tell you core process basics.)
2) Figure out what they actually need. (Research their actual process and design improvements.)
3) Try to convince them to want what they actually need and change the spec go with that.
4) After step 3), give them what they now want, whether it's what they need or not. (Provided it's legal and ethical.)

And of course:

5) Profit!

They are the bosses / customers. They decide what to spend money on. You are the hireling. You agree to do what they want in trade for the fee they pay. After step 3) your moral and ethical obligations are discharged - and if your suggestions are good you've proved your worth. If they're smart they go with what you suggested - or know something about their business that you didn't and reject your suggestion on that basis. But if they decide to do something you think is stupid once they've been informed, it's their business, so it's their call.

If public CA's are supposed to be trusted authorities of identity on the Internet, why do we have to have "extended validation" of an entity before they get a certificate? If we can't trust the CA to validate entities before issuing certificates in the first place, how can we trust them to issue Extended Validation Certificates in the second?

Oh, I forgot, they are in collusion with Microsoft and other CA's to inflate the cost of digital certificates they already issue.

In 2001 I was living in an apartment complex in a North Dallas suburb. If you got a package that wouldn't fit in those teeny-tiny mailboxes then the mail man would drop off the package at the apartment complex office and you could pick it up in normal office hours.

After September 11th, the apartment management sent out a memo to all residents that because of the heightened state of terrorism awareness the office would no longer allow packages to be held there for the residents.

Of course my first thought was they were just tired of dealing with the packages and saw this as a convenient excuse to stop holding packages for people.

My adviser back at University, Rich Maddox, used to tell a story from his youth, when he was dating a girl who (apparently for religious reasons? I don't remember exactly) always carried a large knife in her purse. So anyway, they were going to Disneyland with a couple of friends, and as they went through the entry turnstile they stopped Rich and asked to check his backpack for weapons and so forth. And they found a pocket knife there, and told him he couldn't bring it into the park because it was dangerous. That's when Rich called over to his girlfriend who was already inside, and said "Honey, do you still have that knife with you?" And she pulled it out of her purse and said "Yeah, why do you ask?"

Every time I'm held up by the "No Fly List" because I have an insanely common name, I feel like a victim of security theater. How many would be terrorists have been caught by the no fly list?

In my opinion almost all forms of random searches are security theater.

People putting loaded handguns in their homes in the case of a wood-be assailant or robber breaking in. This is not only security theater, it increases the risk you are putting yourself and your family in. Not to mention that in most instances of murder the victim knew the assailant. You're more likely to die of suicide than a robber killing you.

I don't know if these are examples where the security theater is a cover for another reason--unlikely. But there's clearly examples where it just makes your life worse more often than better.

Two things: Firstly wooden assailants are very dangerous and resistant to gunshot wounds. Your best bet against this sort of wood-be assailant is a flamethrower or an ax.

Secondly, saying that you shouldn't have a gun because you are more likely to commit suicide than be killed by an intruder implies that either people randomly commit suicide for no reason or that people choose to have home invasions. They are not really the same sort of thing so the statistics aren't really a helpful metric.

That said, if you are a person with suicidal tendencies you should keep neither firearms nor flamethrowers (which confusingly are not generally considered firearms) around the house. Axes however are very difficult to commit suicide with, and as such should be kept in the event you run into any would-be wood-be assailants.

People putting loaded handguns in their homes in the case of a wood-be assailant or robber breaking in. This is not only security theater, it increases the risk you are putting yourself and your family in. Not to mention that in most instances of murder the victim knew the assailant. You're more likely to die of suicide than a robber killing you.

Gun vs Burglar is not security theater. It actually does have value in your defense against the burglar and it's not really a "theater" in the sense you aren't even advertising that you are keeping a gun in your home.

Random searches provide excellent security, provided the punishment for getting caught exceeds the benefits multiplied by the risk. Let's say I'm asked to smuggle weapons onto a plane. Not for a hijackings or anything, just as a black market delivery. I'm offered $10,000 to do it. I've got a great plan; assuming the security screeners don't hand search my bags, there is basically zero risk of getting caught. So now it's down to the random searches. If the punishment is 1 year in prison, and they only screen 1 in 10 people, the odds are pretty good; assuming that I value my freedom at less than $100,000 per year. Now if the punishment is 20 years in prison, now my freedom is worth less than $5,000 per year.

Let's hypothetically try to redo 9-11. (Yes, only a stupid terrorist would try that exact same attack again, but it's a good example with concrete numbers.) We're all expecting to die, so the threat of jail is irrelevant. However, if a single one of us gets caught with weapons, there is a good chance security will be stepped up and my 19 accomplices will be caught as well. That's very bad, from my terrorist point of view. Since 20 of us need to get past security, even if they only randomly screen 1 in 20 people, there is a 64% chance of at least one person getting searched and busted. 1 in 10? 87% chance of getting busted. Very bad odds.

Now obviously it's better to only search people who are bad guys. Unfortunately the entire point of searching people is to identify the bad guys, so that's unhelpful. We can try to be clever and profile people based on, say, their ethnicity. After all, statistically aren't Arab men more likely to hijack planes and crash them? Oddly, this makes the attack easier for the bad guys. Just start flying people around without weapons. See who gets searched. The people who run several flights without getting searched are ideal for your next attack. (A good article with further links on the complexities with profiling. [schneier.com] As he points out, profiling based on suspicious behavior is good, although hard.)

Of course, I'm glossing over lots of details. We need to balance many other things, including civil rights. Random searches of homes would likely be a very effective way to stop many crimes. It's also a violation of the US constitution and the principles our country was founded on. Many relatively minor crimes would necessitate punishments that many people would describe as cruel and unusual to compensate for the low risk of getting caught. The benefit of stopping the bad thing may be very minor compared to the cost of the searches. (For example, random drug tests for most jobs hurts moral and costs money, with little benefit.) But fundamentally random searches do work.

And since they're a group of them, desperate enough to mangle or kill you, they certainly all have weapons. And given the situation, the weapons in question are certainly assault rifles. And they're not stupid, just desperate, so they'll rely on strength in numbers, attacking by the hundreds. At this point, having arranged a group of hundreds of heavily armed men, they pretty much have to murder you. This is why I feel much safer keeping a loaded M1 Abrams in my bedroom.

Back in ArpaNet days, MIT had machines running an OS called ITS. It was a friendly and happy world and there were user accounts but no passwords. But networking means that strangers can connect and so Arpa insisted that passwords be added. So the ITS developers added a password prompt that ignored the password, and this made the Arpa people happy for a while until they figured it out and made them actually check the password.

In a similar vein, Microsoft file server passwords were originally checked only on the client, a fact which went undiscovered until Samba came along.

I had a boss that named the wireless network "Virus". On asking him about this, he explained "it's to scare off hackers - they won't connect if they think they'll get a virus". Ah, ok.

It's probably worth pointing out he wasn't aware you could "secure" a wireless point with a basic WPA key at least - it was completely open, anyone could walk right in, assuming they beat the fear of the "virus" that was.

The libraries let you sign your own books out. You place your book and card under a scanner, and then it demagnetizes the book so the alarms won't go off when you leave. The scanner only reads a barcode though, so you can stick five books on it, sign out one, and demagnetize them all. Presto, four free books.

Of course, when the security alarms do go off at the library anyway, they just let the people walk out.

...while I was temping for a company in Chicago, I was asked to deliver a box of candy to a client in the Sears Tower. While entering, I went though the giant, heightened security setup - x-rays and all - and got held up because I had a box cutter in my backback.

They held it up triumphantly and shouted at me, "Just what do you expect to do with this?!"

I wanted to ask them them the same question back. Just what did they expect I'd do with that? In a building that had security guards with guns? Was I going to hijack the building and crash it into a plane?

Back in 2005, I bought, which at the time, was a high-end Acer laptop. Less than a month later I took the laptop with me on a vacation, where I flew to Missoula, Montana from Minneapolis - St. Paul International Airport. The MSP airport is also Idaho Senator Larry Craig's favorite layover destination. So after arriving at the airport on the day of the flight, I got in the line for the security screening and I did not remove the laptop from the bag, which was bad of me. I overheard one of the security screeners state to another screener that he had observed the laptop during the scanning and then my bag was flagged. Another screener took my bag, called me over and asked me to open my bag and asked me to turn on my laptop. Things seemed to go well at first, I turned the computer on and proved that it worked. As the computer was booting up, the TSA screener wiped a disposable microfiber cloth on parts of the exterior of the laptop. However, the screener had some sort of spectrometer. The screener put the cloth into this spectrometer. Something was wrong with the results and the screeneer started to wipe down the inside and outside of my backpack with additional cloths. The trace chemical results from the backpack were similar to the initial results from the laptop. The spectrometer results showed trace amounts of the explosive TNT. The screener asked me if I gone hunting with that bag, which I had not done. However, three years earlier I had been to Montana for a field camp class for my Geology degree and put several rocks in the backpack. Some of the rocks apparently had a residual amount of TNT left on them, after being blasted, and the TNT was transfered onto the surfaces of the backpack. The screener was satisfied with this explanation and allowed me to go and catch my flight.

On my bank's web site, when I used the browser's back button, things started to get out of sync. You had to click their own custom back button somewhere in the pages so that everything would continues to work.

When I called to report it, I was explained that I had to click their own back button, not mine. When I said "Yes, I know, I just wanted to let you know so that you can fix the bug sometime", the final answer was something like "It's by design. It's for security reasons". At that point I was expected to say "ok. thank you" or whatever, and to understand that a "bug" was totally unthinkable on their super-reliable ultra-secure blah blah bank site.

Nevertheless, a few months later, the bug was gone. I didn't call back to say I'm now worried about the security...

The RFID bracelets on an infant can give comfort to the parents but its more of a deterrent then anything. Sure the hospital can tell the parents that their child is protected. But the hospital is not protecting the child as much as its protecting itself. For example:

A guard that is in the bank is not there to stop a bank from being robbed. He deters people from committing the crime itself. In a robbery situation the guard himself is useless because the individual or individuals robbing a bank would take him out first. But in most bank robberies, the criminals are going to go after a bank without a guard anyway.

A mall guard doesn't stop people from stealing, he creates the presence of being watched, therefor deterring people from stealing.

Same goes with cameras in stores. Most of the time no one is monitoring the cameras and if anything their used to watch employees over customers. But their deterring employees from doing anything unethical or illegal and they deter people from stealing.

In my opinion the idea of security theater and feeling safe is crap. You might as well spend the time and effort to know your safe then make it seem like you feel like your safe.

What's left to say? It's pretty clear that drugs are more dangerous when they're only available in the unregulated black market than in a regulated legal market. Criminalizing the use of drugs only hurts drug users more, yet it's done in the name of safety.

What's worst is that we've been fighting this war for decades, no end is in sight, we've spent more money and lost more freedoms fighting it than we have in Iraq. And still, no one in power has the balls to speak out against this.

We live in a sick, sad world. People who would meet the non-violent act of drug use with the violent acts of arrest and imprisonment are themselves violent criminals. Yet in this society they are deemed good citizens.

The purpose of the War on Drugs is to support the price of illegal drugs. If these drugs were legalized, the price would instantly collapse, and lot of powerful people would be very upset. (credit to Doonesbury or Outland (?) for pointing this out)

...is the one we've all seen in the airport: confiscation of bottled water. Every time a TSA guy finds your bottle of Dasani, he pours the suspected explosive in the trash. His very first good catch will be his last...

The DOD replaced reasonable passwords with Common Access Cards. The difference? Instead of having to find out someone's 8+ character alphanumeric password that changes every month, you need to have physical access to their card and need to know their 6 digit number that never changes. Meanwhile, everyone is forgetting their card in the reader when they go to lunch, so they can't get back on base -- but feel free to use it yourself in the meantime.

I was working with a particular system where the vendor added a strict password security policy. They require a mixture of uppercase and lowercase letters as well as at least one digit or special character. Later on, I discovered, by accident, that the password is not case sensitive when you actually go to login. It turns out that the routine for setting the password enforces stronger passwords than the underlying system can actually support. The vendor, of course, claimed that they would be upgrading their underlying password encryption algorithm very soon.

I was living in Salt Lake City during these games. Remember that the Olympics were only a few months after 9/11. There were huge security concerns. We saw low flying helicopters over the city we were told were searching for nuclear material. We saw various 'special forces' teams deployed in the mountains around venues looking for 'snipers.' The security downtown was surreal. People were checking every car coming in and out for bombs. Everyone had to go through metal detectors (in some cases, you actually had to pass two layers of metal detectors). The amount of government agents per city block was astounding. Many were armed with sub-machine guns. For such a quiet city like Salt Lake, seeing troops walk around in full combat gear was quite theatrical.

My favorite security theatric was an ATF agent standing on a street corner, machine gun in hand and in full combat gear. He was waving and smiling at people driving buy to be sure they all saw him and his gun. I stopped and watched him for about 20 minutes before he started using his radio while giving me the 'killer' eyes. Despite the smiling and waving, he was not friendly, not at all. I decided to vacate my vantage point. Those guys were so bored they were looking for targets to harass.

I had some stock options through my job that I tried to cash through the etrade account that had been set up for me. The stock price was rather high, and our trading window was about to close, so I tried selling at literally the last minute. The sell order failed, and no reason was given. A few days later, I received a letter in the mail from etrade telling me that my account was locked. Several years before, while living in a different state, I had an etrade account. Because the SSN was the same on both accounts, but the addresses were totally different, some part of the Patriot Act made them lock my account until I could prove my identity by sending them a notarized copy of my social security card.

Another example, which isn't really security theater, just shitty work by the TSA happened to me a few years before that.

My wife had to fly out of state for a funeral, and she took our 6 month old daughter with her. I took them to the ticket counter. Since she was traveling with a baby, a car seat, and her carry on bag, the ticket agent offered to print me a pass that would allow me to accompany her to the gate and help her carry her things.

As I was getting up to the xray machines, I remembered that I had a small pocket knife in my pocket. I hadn't removed it since I wasn't expecting to go through security. As I got to the xray machine, I told the operator what had happened, and told her that I'd just go back through the line and put the knife out in our car.

She seemed ok with that, and told me that I could just go ahead and go through the xray machine, and out the exit that was just a few feet from the xray machine, so I didn't have to go back and work my way through the line.

As soon as I went through, several TSA agents came up and detained me for attempting to bring a weapon through the security checkpoint. I wound up being searched, my 6 month old daughter that I was holding was searched, and I was questioned for about an hour as to why I had tried to take a knife through security. Not once did they go talk to the lady running the xray machine less than 50 feet away, who had told me to go through.

In the end, my knife was confiscated (It was about a $50 knife), and I was threatened that I could be under arrest for attempting to smuggle a weapon through the airport, and I could be facing a several thousand dollar fine for it. They filled out a report, and made me immediately leave the terminal.

About a month later, I received a letter from the TSA saying that they had chosen not to fine me this time, but if I ever came up in their system again I would face the maximum penalties.

In a past life, I worked for a major aerospace company. Security appeared pretty tight, what with armed guards checking IDs at entry points. They also had manned checkpoints to check vehicle passes at the road entrances. These were usually issued to upper management, enabling them to park inside the fence, close to the buildings. The peons had to park outside and walk in.

Because of my job in various R&D labs, I was always hauling equipment around in my personal vehicle. There were provisions to issue employees in my position a temporary vehicle pass and a 'parcel pass', allowing us to transport company equipment through the gates.

Throughout my career, I was never ever challenged when exiting a facility with a hatchback, obviously loaded with expensive equipment. The vehicle pass system existed only to ensure that some scumbag grunt didn't park in a manager's space. Security guards were nothing more than glorified parking enforcement.

At some of the production facilities, gate guards were instructed to examine lunch boxes of the workers exiting to ensure that they were not swiping tools. Briefcases were exempt from such checks, as they were typically carried by trusted engineers and management. As most of the engineers working within production facilities were indistinguishable from mechanics by dress or any badge markings, I suppose it never occurred to security that a worker intent on swiping tools could obtain a briefcase.

I was trying to transfer some funds out of a joint bank account. I used the phone based system (and answered the usual security questions). Then the person told me that for the transfer to be allowed, both people on the joint account needed to sign-off on the transfer.

The other person wasn't available... so I just said "Ok, hold on I'll get him." Then waited a few seconds and said "Hi. Yes, I'm he. Yes I confirm the transfer."

They transferred the money. No authentication, no double-checks. Just some voice on a phone (I didn't even bother faking a different-sounding voice) saying that it was ok.

I have a friend who works for *organization*. They work in asingle-story building, in a suburb of a second-tier city. The buildingsits on its own plot of land, on a hill, in an industrial-office-parkkind of area. The building is a lab, but it's mostly monitoringequipment. It's not weapons, or explosives, or significant quantitiesof chemicals.

This is probably not what anyone would consider a high-value target.There's never been any kind of attack or threat against the buildingor its personnel. But after 9-11, management started obsessing aboutsecurity.

The first thing they did was get armed guards for the building. Armedguards did not make my friend feel secure. My friend wondered abouttheir training and worried about getting shot.

Guard duty is tough. It's hot in the summer and cold in the winter,and the guards aren't in good condition to begin with, since they juststand there all day and never get any exercise. In practice, theguards spend most of their time sitting in their cars in front of thebuilding, with the engine running for heat or AC.

Management decided that this didn't look good, so they built a guardshack along the right-hand side of the driveway. Now the guard sits inthe shack and watches the cars go by.

But that didn't seem very secure either--a bad guy could just driveright by without stopping(http://en.wikipedia.org/wiki/1983_Beirut_barracks_bombing).

So they added a gate, and spikes, and a card reader. To pass, anemployee stops at the gate, rolls down their window and swipes theircard. The gate goes up, the spikes retract, and they drive through.

My friend doesn't trust this system a bit, and makes a point ofwatching to see that the spikes have retracted before driving overthem. There was speculation among the staff as to who would be thefirst to blow out their tires on the spikes. As it happenes, it wasthe mailman, followed some time later by two visitors who eitherdidn't see or didn't understand the signs warning against followinganother vehicle through the gate.

I suggested that they stencil silhouettes of all the vehicles they'vecaught on the guard shack, the way fighter pilots (used to?) recordkills on the nose of their airplanes.

My friend points out that even with a gate and spikes, the system onlyprotects against attackers who- care about their tires, and- don't have trucksbecause any vehicle can blow through the gate and make it the shortdistance to the building on four flat tires, and any truck can driveover the curb and avoid the whole thing.

Management decided that blowing out their visitors' tires wasunfriendly, so they instituted a new procedure for passing the gate.Now, drivers stop at the gate and roll down their window. The guardwalks from the shack (on the right), in front of the car, to the cardreader (on the left), takes the driver's card, swipes it, and returnsit to the driver. Then the driver can pass.

The staff considered that the guards were now at risk of being runover--and it happened. An employee reached down in his car to get hiscard, his foot came off the brake, and the car rolled forward into theguard. The guard was taken to hospital--I don't think the injurieswere too serious. The driver has to appear in court and pay fines--Idon't know if it is criminal or civil.

Every year, my lady and I go up to Canada for the 4th of July weekend to escape the annual (and mostly illegal, under local city codes) fireworks war-zone that infests our neighborhood. We've been doing this for several years, and in fact we both just got our NEXUS cards. [cbsa-asfc.gc.ca]

To help put this in context: I'm a ham radio operator, as well as a volunteer first-responder. I've had formal training, through our city's fire department, in disaster relief, emergency medical procedures, basic search-and-rescue, the whole bit.

Because of the above, our minivan is well-equipped for emergencies. I've installed multiple communication radios, a navigation computer, and I carry a medical trauma kit and various safety gear such as flares and a reflective vest. Besides the small antenna farm on the roof, I also have a light bar mounted on the back end (amber, red, clear... same as many tow trucks).

Every bit of it is legal under the road laws of every state except New York (I know, because I spent a couple of long nights going through said laws to make bloody sure!). Couple all that with the fact that I work for our state's police agency (non-commissioned, civil service).

Now, with all the above in mind -- Last year, we're coming back through on Sunday afternoon. I normally have the radios and navigation system on while driving, and this has never, in times past, been an issue.

Not this year. The border guard we drew seemed to be short on both sleep and temper, and rudely ordered me to turn EVERYthing off before he would even talk to us. One of the questions he asked, after that point, was who I worked for. When I told him, he said (snappily) that, for that reason alone, I should understand why he'd told me to turn everything off.

He let us move on at that point, but before I took off I told him, flat out, "No, I don't understand."

And it was the honest truth! If someone's going to try and set off something that goes bang via radio, or other wireless means, it strikes me that they're going to go to considerable effort to keep such activities hidden. They certainly would not do so in a hugely-long border-crossing line, where there was absolutely no way to move anywhere but through the guard posts, in a minivan that stands out like a solar flare and has ham radio callsign plates to boot!

I have no clear idea why this guard was so nasty, or what bizarre purpose his attitude served. I will say that it did indeed strike me as pure theater.

The only thing I can think of is that, perhaps, his sergeant or lieutenant was observing him at the time, and we didn't notice...?

My wife manages an apartment complex. She was having problems with messes left in the laundry room. We installed a fake camera with a flashing led light.

The office had a second door with a peep hole into the laundry. To give the camera an air of legitimacy, she sat in the office one night and made a note of everyone who came into the laundry. When they came in to pay their rent the next week, she mentioned that she saw them doing their laundry on the "tape" and asked about a fictitious mess that was left.

She managed to do this to a couple of the complex gossips, and never had a problem in there again.

I was an intelligence analyst in the NJ Army National Guard until my contract ended in 2006.

We were deployed twice to protect Port Authority facilities around NY and NJ. On both deployment we had our weapons M16A2s or pistols. On our second deployment we were not given ammunition. Yes, we were walking around in uniforms holding empty rifles.

The best we could do is radio the Port Authority Police or possible club someone trying to steal our weapons. Our combat effectiveness was slightly above that of Nerf.

Remind me of a friends story while in China. His friend, who was Chinese, was driving down this shortcut and in front of him was the very professional, and heavily armed Chinese soldier standing in the way. He decided to just drive around him and my friend started to freak out and asked him, "what the hell was he doing, he could have gotten them killed!" His friends reply was, 'oh they don't give them any bullets!"

Not having flown a commercial airliner recently, I'd completely forgotten about the liquid/aerosol rule and decided to carry my luggage onboard. After standing in line for awhile, I noticed the signs and remembered. Crap! I had my mouthwash, an aerosol can of deodorant, and my aerosol shaving cream with me. Given the length the line had grown to, I decided to just forgo those items than risk being late.

A bit about those three items. Both the shaving cream and deodorant were in aerosol cans, both larger than the size allowed, but obviously retail items. The mouthwash was too large as well, and was a generic amber bottle, about 14 or so ounces, with a prescription sticker (I have gingivitis).

I pull all three items out, and just tell the TSA guy that I know I need to toss them. He glances at all three and tells me I have to ditch the deodorant and the shaving cream, but I can keep the mouthwash.

Because it's prescription.

So, the two retail aerosol cans that are nearly impossible to inject anything into are verboten, but the amber bottle with the mystery liquid in it, that's okay, because it has a sticker with a Walgreens logo on it. Fan-fucking-tastic.

I've read a lot of replies that said that TSA security checks were theatre, and they're right, but nobody has mentioned the requirement to present identification. To me, this is the most glaring bit of airline security theatre, because it has almost no security value at all, but a huge ulterior motive for the airlines.

I had a contract at a high security government site. At one location an MP actually had a M16 pointed at me while I worked but that's a different story. At this location the computer room was raised and had a ramp leading to a secure door. Not having the proper card to get in I always needed an escort for access. The problem was no one was ever around when I needed in.

One day after waiting 45 minutes for my escort I had an idea. I lifted one of the tiles in front of the door, slipped under and came up the other side of the raised floor. Another 45 minutes and my escort finely arrived beside himself I was already in the room. He lectured me about Top Secret this and Top Secret that, the ramifications and had to know how I got in... So I told him. They installed a barrier under the floor.

The next time it happened I looked up and saw a tile ceiling. The lecture worked because I didn't go over but I was tempted.

I visited Washington DC in 2003, and went for a wander around the White House boundary fence.One thing you don't realize when you see it on television is just how big the garden is, and how far away the fence is.

But that's by the by. As I was walking around the boundary fence, I noticed a security guard, armed with what appeared to be a shotgun, hiding behind a bush. What was even stranger, he was attempting to, but failing, to hide from me, armed with what was obviously a digital camera and nothing else.

I continued walking around a bit, looking at him. He continued to edge around the particular shrub; again, trying, and failing, to keep out of my view.

It was so patently absurd that I felt like taking a photo of the scene, but given that the guy was carrying a shotgun and this was the White House, I thought it might be prudent to ask first.

So, I called out to the guy "excuse me, but do you mind if I take a photo"?

The reply comes back "no, don't take one". And he tries even harder, and fails, to hide himself.

This is despite the fact that anybody with a pair of binoculars, or a long lens camera, would have easily spotted the bloke from several hundred yards away. The Secret Service must, of course, know this, and probably had two other armed guards I hadn't spotted watching me.

For the life of me, I still don't understand what this guy was trying to achieve hiding behind the shrubbery. Look, everybody expects there to be guards in the White House gardens, some of whom you'll see, some of whom you won't unless you try something insanely stupid. But this whole hide-and-seek routine made absolutely no sense at all.

OK, solution. Ask for TWO cans of soda. Drink the first one and then tear the second one in half. Try to pour as much of the flowing liquid into the now empty first can.......no wait.. Ask for THREE cans......crap....